Google Responds to Chrome Frame Security Concerns from Microsoft

Google Chrome Frame is an early-stage open-source plug-in that brings Google
Chrome's open Web technologies, such as the HTML5 canvas tag and JavaScript
engine, to Microsoft's Internet Explorer browser. Google introduced Chrome
Frame on Sept. 22, stating that it can be used with IE versions 6, 7 and 8.

In response, Microsoft accused Google of expanding the attack surface for
IE. Google meanwhile got in a dig of its own as it touted the security of its
Chrome browser.

"With Internet Explorer 8, we made significant advancements and updates
to make the browser safer for our customers," a Microsoft spokesperson
said Sept. 24. "Given the security issues with plug-ins in general and Google
Chrome in particular, Google Chrome Frame running as a plug-in has doubled the
attack area for malware and malicious scripts. This is not a risk we would
recommend our friends and families take."

Part
of the issue is that the plug-in seems to undo IE 8's
privacy features. According to Google, however, the plug-in was
designed with security in mind from the beginning.

"While
we encourage users to use a more modern and standards-compliant browser such as
Firefox, Safari, Opera or Google Chrome rather than a plug-in, for those who
don't, Google Chrome Frame is designed to provide better performance, strong
security features and more choice to both developers and users, across all
versions of Internet Explorer," a Google spokesperson said.

The spokesperson added that accessing sites with Chrome Frame brings the
Chrome browser's sandboxing and malware protection features to IE users.
Microsoft, however, pointed to the results of a recent browser
security test by NSS Labs as proof of IE's
security posture. The
test was paid for by Microsoft as part of an internal company analysis of
IE security. NSS Labs later posted the
results for the public.

As the controversy continues, Google is encouraging public involvement in
the development of Chrome Frame.

"We invite all parties with thoughts about Google Chrome Frame to
explore our code and provide feedback about this technology [to] the open-source
community," the spokesperson said.